systembc | 8425ae333ccb3d734a5f33136a2102d5bfde0e96fa438ca9aba8425cc17a1bf4

General

Target

s.exe
Size

269KB
MD5

28c2680f129eac906328f1af39995787
SHA1

6d2c4c44c130c00a9813e88b5856fa7129d71bcf
SHA256

8425ae333ccb3d734a5f33136a2102d5bfde0e96fa438ca9aba8425cc17a1bf4
SHA512

4758a8df8d045bbacca51cfabb1d01cb1570d411f3872c5b2dc983effd30de4f3562bd41419b73f9e6f4146a982c89e3eec8d6f0412f4ad70677909a8d372a2b

Score

10^/10

systembc suricata trojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata
suricata: ET MALWARE Win32/SystemBC CnC Checkin
suricata: ET MALWARE Win32/SystemBC CnC Checkin
suricata
Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

usxm.exebhodkh.exelnhe.exe

pid process

4028 usxm.exe
2172 bhodkh.exe
4372 lnhe.exe

pid	process
4028	usxm.exe
2172	bhodkh.exe
4372	lnhe.exe

Drops file in Windows directory 5 IoCs

Processes:

s.exeusxm.exebhodkh.exe

description	ioc	process
File created	C:\Windows\Tasks\usxm.job	s.exe
File opened for modification	C:\Windows\Tasks\usxm.job	s.exe
File created	C:\Windows\Tasks\ikiheesfpxmujrhrelb.job	usxm.exe
File created	C:\Windows\Tasks\lnhe.job	bhodkh.exe
File opened for modification	C:\Windows\Tasks\lnhe.job	bhodkh.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2984 3316 WerFault.exe s.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

s.exebhodkh.exe

pid process

3316 s.exe
3316 s.exe
2172 bhodkh.exe
2172 bhodkh.exe

pid	pid_target	process	target process
2984	3316	WerFault.exe	s.exe

pid	process
3316	s.exe
3316	s.exe
2172	bhodkh.exe
2172	bhodkh.exe

C:\Users\Admin\AppData\Local\Temp\s.exe
"C:\Users\Admin\AppData\Local\Temp\s.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:3316
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 952
  2⤵
  - Program crash
  PID:2984

C:\ProgramData\iana\usxm.exe
C:\ProgramData\iana\usxm.exe start
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3316 -ip 3316
1⤵
PID:2408

C:\Windows\TEMP\bhodkh.exe
C:\Windows\TEMP\bhodkh.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:2172

C:\ProgramData\rbdg\lnhe.exe
C:\ProgramData\rbdg\lnhe.exe start
1⤵
- Executes dropped EXE
PID:4372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\iana\usxm.exe

Filesize
269KB

MD5
28c2680f129eac906328f1af39995787

SHA1
6d2c4c44c130c00a9813e88b5856fa7129d71bcf

SHA256
8425ae333ccb3d734a5f33136a2102d5bfde0e96fa438ca9aba8425cc17a1bf4

SHA512
4758a8df8d045bbacca51cfabb1d01cb1570d411f3872c5b2dc983effd30de4f3562bd41419b73f9e6f4146a982c89e3eec8d6f0412f4ad70677909a8d372a2b

Download Submit
C:\ProgramData\iana\usxm.exe

Filesize
269KB

MD5
28c2680f129eac906328f1af39995787

SHA1
6d2c4c44c130c00a9813e88b5856fa7129d71bcf

SHA256
8425ae333ccb3d734a5f33136a2102d5bfde0e96fa438ca9aba8425cc17a1bf4

SHA512
4758a8df8d045bbacca51cfabb1d01cb1570d411f3872c5b2dc983effd30de4f3562bd41419b73f9e6f4146a982c89e3eec8d6f0412f4ad70677909a8d372a2b

Download Submit
C:\ProgramData\rbdg\lnhe.exe

Filesize
269KB

MD5
28c2680f129eac906328f1af39995787

SHA1
6d2c4c44c130c00a9813e88b5856fa7129d71bcf

SHA256
8425ae333ccb3d734a5f33136a2102d5bfde0e96fa438ca9aba8425cc17a1bf4

SHA512
4758a8df8d045bbacca51cfabb1d01cb1570d411f3872c5b2dc983effd30de4f3562bd41419b73f9e6f4146a982c89e3eec8d6f0412f4ad70677909a8d372a2b

Download Submit
C:\ProgramData\rbdg\lnhe.exe

Filesize
269KB

MD5
28c2680f129eac906328f1af39995787

SHA1
6d2c4c44c130c00a9813e88b5856fa7129d71bcf

SHA256
8425ae333ccb3d734a5f33136a2102d5bfde0e96fa438ca9aba8425cc17a1bf4

SHA512
4758a8df8d045bbacca51cfabb1d01cb1570d411f3872c5b2dc983effd30de4f3562bd41419b73f9e6f4146a982c89e3eec8d6f0412f4ad70677909a8d372a2b

Download Submit
C:\Windows\TEMP\bhodkh.exe

Filesize
269KB

MD5
28c2680f129eac906328f1af39995787

SHA1
6d2c4c44c130c00a9813e88b5856fa7129d71bcf

SHA256
8425ae333ccb3d734a5f33136a2102d5bfde0e96fa438ca9aba8425cc17a1bf4

SHA512
4758a8df8d045bbacca51cfabb1d01cb1570d411f3872c5b2dc983effd30de4f3562bd41419b73f9e6f4146a982c89e3eec8d6f0412f4ad70677909a8d372a2b

Download Submit
C:\Windows\Tasks\usxm.job

Filesize
242B

MD5
2b01c41b3d4bb7a7914037923292eeb5

SHA1
a3c5e168b57cd2070c7eaf49cd865da77a6c3053

SHA256
a37bc99caabb7b0f267b71512b6aead8dbfe567f4bb73987045e1b3a6998fdf4

SHA512
88be86f09d0e1457d7af74cb0d218f5595817aa6d79d6fdf04f54f748fab52b5737ee3d80ad08b9f6abf6cf084d5221b806c7c74e4fda3f193293c22a00abcda

Download Submit
C:\Windows\Temp\bhodkh.exe

Filesize
269KB

MD5
28c2680f129eac906328f1af39995787

SHA1
6d2c4c44c130c00a9813e88b5856fa7129d71bcf

SHA256
8425ae333ccb3d734a5f33136a2102d5bfde0e96fa438ca9aba8425cc17a1bf4

SHA512
4758a8df8d045bbacca51cfabb1d01cb1570d411f3872c5b2dc983effd30de4f3562bd41419b73f9e6f4146a982c89e3eec8d6f0412f4ad70677909a8d372a2b

Download Submit
memory/2172-148-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/2172-147-0x0000000000570000-0x0000000000670000-memory.dmp

Filesize
1024KB

Download
memory/3316-133-0x00000000006C9000-0x00000000006DA000-memory.dmp

Filesize
68KB

Download
memory/3316-134-0x00000000006C9000-0x00000000006DA000-memory.dmp

Filesize
68KB

Download
memory/3316-136-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/3316-135-0x0000000000520000-0x0000000000529000-memory.dmp

Filesize
36KB

Download
memory/4028-142-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/4028-141-0x00000000007C0000-0x00000000007C9000-memory.dmp

Filesize
36KB

Download
memory/4028-140-0x0000000000843000-0x0000000000853000-memory.dmp

Filesize
64KB

Download
memory/4028-139-0x0000000000843000-0x0000000000853000-memory.dmp

Filesize
64KB

Download
memory/4372-151-0x00000000004E2000-0x00000000004F3000-memory.dmp

Filesize
68KB

Download
memory/4372-152-0x00000000004E2000-0x00000000004F3000-memory.dmp

Filesize
68KB

Download
memory/4372-153-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads